hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-14 19:29:28 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
936f0c650c4efe35ba78005cdfc0308333c13129
codeql/java/ql/lib/ext/org.springframework.util.model.yml
MarkLee131 c336a1595d Java: split read-only path sinks into path-injection[read] 
Introduce a new Models-as-Data sink sub-kind path-injection[read] for
models that only read from or inspect a path. The general
java/path-injection query and its PathInjectionSanitizer barrier
continue to consider both path-injection and path-injection[read]
sinks, so no alerts are lost. The java/zipslip query deliberately
selects only path-injection sinks, since read-only accesses such as
ClassLoader.getResource or FileInputStream are outside the archive
extraction threat model.

Addresses https://github.com/github/codeql/issues/21606 along the lines
proposed on the issue thread: prefer path-injection[read] over a
[create] sub-kind so that miscategorizing a sink causes a false
positive (easy to spot) rather than a false negative.

- shared/mad/codeql/mad/ModelValidation.qll: allow path-injection[...]
  as a valid sink kind.
- java/ql/lib/ext/*.model.yml: relabel the models that PR #12916
  migrated from the historical read-file kind (plus the newer
  ClassLoader resource-lookup variants that share the same read-only
  semantics).
- java/ql/lib/semmle/code/java/security/TaintedPathQuery.qll and
  PathSanitizer.qll: select both path-injection and
  path-injection[read] sinks/barriers.
- java/ql/lib/semmle/code/java/security/ZipSlipQuery.qll: keep only
  path-injection, with a comment explaining why path-injection[read]
  is excluded.
- java/ql/test/query-tests/security/CWE-022/semmle/tests/ZipTest.java:
  add m7 regression covering the Dubbo-style classpath lookup from
  issue #21606 and assert no alert is produced.
- Update TaintedPath.expected for the renamed kinds in the models list.
- Add change-notes under java/ql/lib/change-notes and
  java/ql/src/change-notes.
2026-04-21 09:17:36 +10:00

156 lines
21 KiB
YAML
Raw Blame History

extensions:
- addsTo:
pack: codeql/java-all
extensible: sinkModel
data:
- ["org.springframework.util", "FileCopyUtils", False, "copy", "(byte[],File)", "", "Argument[1]", "path-injection", "manual"]
- ["org.springframework.util", "FileCopyUtils", False, "copy", "(File,File)", "", "Argument[0]", "path-injection[read]", "manual"]
- ["org.springframework.util", "FileCopyUtils", False, "copy", "(File,File)", "", "Argument[1]", "path-injection", "manual"]
- addsTo:
pack: codeql/java-all
extensible: summaryModel
data:
- ["org.springframework.util", "AntPathMatcher", False, "combine", "", "", "Argument[0..1]", "ReturnValue", "taint", "manual"]
- ["org.springframework.util", "AntPathMatcher", False, "doMatch", "", "", "Argument[1]", "Argument[3].MapValue", "taint", "manual"]
- ["org.springframework.util", "AntPathMatcher", False, "extractPathWithinPattern", "", "", "Argument[1]", "ReturnValue", "taint", "manual"]
- ["org.springframework.util", "AntPathMatcher", False, "extractUriTemplateVariables", "", "", "Argument[1]", "ReturnValue.MapValue", "taint", "manual"]
- ["org.springframework.util", "AntPathMatcher", False, "tokenizePath", "", "", "Argument[0]", "ReturnValue.ArrayElement", "taint", "manual"]
- ["org.springframework.util", "AntPathMatcher", False, "tokenizePattern", "", "", "Argument[0]", "ReturnValue.ArrayElement", "taint", "manual"]
- ["org.springframework.util", "AutoPopulatingList", False, "AutoPopulatingList", "(java.util.List,java.lang.Class)", "", "Argument[0].Element", "Argument[this].Element", "value", "manual"]
- ["org.springframework.util", "AutoPopulatingList", False, "AutoPopulatingList", "(java.util.List,org.springframework.util.AutoPopulatingList$ElementFactory)", "", "Argument[0].Element", "Argument[this].Element", "value", "manual"]
- ["org.springframework.util", "Base64Utils", False, "decode", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["org.springframework.util", "Base64Utils", False, "decodeFromString", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["org.springframework.util", "Base64Utils", False, "decodeFromUrlSafeString", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["org.springframework.util", "Base64Utils", False, "decodeUrlSafe", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["org.springframework.util", "Base64Utils", False, "encode", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["org.springframework.util", "Base64Utils", False, "encodeToString", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["org.springframework.util", "Base64Utils", False, "encodeToUrlSafeString", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["org.springframework.util", "Base64Utils", False, "encodeUrlSafe", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["org.springframework.util", "CollectionUtils", False, "arrayToList", "", "", "Argument[0].ArrayElement", "ReturnValue.Element", "value", "manual"]
- ["org.springframework.util", "CollectionUtils", False, "findFirstMatch", "", "", "Argument[0].Element", "ReturnValue", "value", "manual"]
- ["org.springframework.util", "CollectionUtils", False, "findValueOfType", "", "", "Argument[0].Element", "ReturnValue", "value", "manual"]
- ["org.springframework.util", "CollectionUtils", False, "firstElement", "", "", "Argument[0].Element", "ReturnValue", "value", "manual"]
- ["org.springframework.util", "CollectionUtils", False, "lastElement", "", "", "Argument[0].Element", "ReturnValue", "value", "manual"]
- ["org.springframework.util", "CollectionUtils", False, "mergeArrayIntoCollection", "", "", "Argument[0].ArrayElement", "Argument[1].Element", "value", "manual"]
- ["org.springframework.util", "CollectionUtils", False, "mergePropertiesIntoMap", "", "", "Argument[0].MapKey", "Argument[1].MapKey", "value", "manual"]
- ["org.springframework.util", "CollectionUtils", False, "mergePropertiesIntoMap", "", "", "Argument[0].MapValue", "Argument[1].MapValue", "value", "manual"]
- ["org.springframework.util", "CollectionUtils", False, "toArray", "", "", "Argument[0].Element", "ReturnValue.ArrayElement", "value", "manual"]
- ["org.springframework.util", "CollectionUtils", False, "toIterator", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
- ["org.springframework.util", "CollectionUtils", False, "toMultiValueMap", "", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
- ["org.springframework.util", "CollectionUtils", False, "toMultiValueMap", "", "", "Argument[0].MapValue.Element", "ReturnValue.MapValue.Element", "value", "manual"]
- ["org.springframework.util", "CollectionUtils", False, "unmodifiableMultiValueMap", "", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
- ["org.springframework.util", "CollectionUtils", False, "unmodifiableMultiValueMap", "", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
- ["org.springframework.util", "CompositeIterator", False, "add", "", "", "Argument[0].Element", "Argument[this].Element", "value", "manual"]
- ["org.springframework.util", "ConcurrentReferenceHashMap", False, "getReference", "", "", "Argument[this].MapKey", "ReturnValue.MapKey", "value", "manual"]
- ["org.springframework.util", "ConcurrentReferenceHashMap", False, "getReference", "", "", "Argument[this].MapValue", "ReturnValue.MapValue", "value", "manual"]
- ["org.springframework.util", "ConcurrentReferenceHashMap", False, "getSegment", "", "", "Argument[this].MapKey", "ReturnValue.MapKey", "value", "manual"]
- ["org.springframework.util", "ConcurrentReferenceHashMap", False, "getSegment", "", "", "Argument[this].MapValue", "ReturnValue.MapValue", "value", "manual"]
- ["org.springframework.util", "FastByteArrayOutputStream", False, "getInputStream", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]
- ["org.springframework.util", "FastByteArrayOutputStream", False, "toByteArray", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]
- ["org.springframework.util", "FastByteArrayOutputStream", False, "write", "", "", "Argument[0]", "Argument[this]", "taint", "manual"]
- ["org.springframework.util", "FastByteArrayOutputStream", False, "writeTo", "", "", "Argument[this]", "Argument[0]", "taint", "manual"]
- ["org.springframework.util", "FileCopyUtils", False, "copy", "(byte[],OutputStream)", "", "Argument[0]", "Argument[1]", "taint", "manual"]
- ["org.springframework.util", "FileCopyUtils", False, "copy", "(InputStream,OutputStream)", "", "Argument[0]", "Argument[1]", "taint", "manual"]
- ["org.springframework.util", "FileCopyUtils", False, "copy", "(Reader,Writer)", "", "Argument[0]", "Argument[1]", "taint", "manual"]
- ["org.springframework.util", "FileCopyUtils", False, "copy", "(String,Writer)", "", "Argument[0]", "Argument[1]", "taint", "manual"]
- ["org.springframework.util", "FileCopyUtils", False, "copyToByteArray", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["org.springframework.util", "FileCopyUtils", False, "copyToString", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["org.springframework.util", "FileSystemUtils", False, "copyRecursively", "(java.io.File,java.io.File)", "", "Argument[0]", "Argument[1]", "taint", "manual"]
- ["org.springframework.util", "LinkedMultiValueMap", False, "LinkedMultiValueMap", "(java.util.Map)", "", "Argument[0].MapKey", "Argument[this].MapKey", "value", "manual"]
- ["org.springframework.util", "LinkedMultiValueMap", False, "LinkedMultiValueMap", "(java.util.Map)", "", "Argument[0].MapValue.Element", "Argument[this].MapValue.Element", "value", "manual"]
- ["org.springframework.util", "LinkedMultiValueMap", False, "deepCopy", "", "", "Argument[this].MapKey", "ReturnValue.MapKey", "value", "manual"]
- ["org.springframework.util", "LinkedMultiValueMap", False, "deepCopy", "", "", "Argument[this].MapValue", "ReturnValue.MapValue", "value", "manual"]
- ["org.springframework.util", "MultiValueMap", True, "add", "", "", "Argument[0]", "Argument[this].MapKey", "value", "manual"]
- ["org.springframework.util", "MultiValueMap", True, "add", "", "", "Argument[1]", "Argument[this].MapValue.Element", "value", "manual"]
- ["org.springframework.util", "MultiValueMap", True, "addAll", "(java.lang.Object,java.util.List)", "", "Argument[0]", "Argument[this].MapKey", "value", "manual"]
- ["org.springframework.util", "MultiValueMap", True, "addAll", "(java.lang.Object,java.util.List)", "", "Argument[1].Element", "Argument[this].MapValue.Element", "value", "manual"]
- ["org.springframework.util", "MultiValueMap", True, "addAll", "(org.springframework.util.MultiValueMap)", "", "Argument[0].MapKey", "Argument[this].MapKey", "value", "manual"]
- ["org.springframework.util", "MultiValueMap", True, "addAll", "(org.springframework.util.MultiValueMap)", "", "Argument[0].MapValue.Element", "Argument[this].MapValue.Element", "value", "manual"]
- ["org.springframework.util", "MultiValueMap", True, "addIfAbsent", "", "", "Argument[0]", "Argument[this].MapKey", "value", "manual"]
- ["org.springframework.util", "MultiValueMap", True, "addIfAbsent", "", "", "Argument[1]", "Argument[this].MapValue.Element", "value", "manual"]
- ["org.springframework.util", "MultiValueMap", True, "getFirst", "", "", "Argument[this].MapValue.Element", "ReturnValue", "value", "manual"]
- ["org.springframework.util", "MultiValueMap", True, "set", "", "", "Argument[0]", "Argument[this].MapKey", "value", "manual"]
- ["org.springframework.util", "MultiValueMap", True, "set", "", "", "Argument[1]", "Argument[this].MapValue.Element", "value", "manual"]
- ["org.springframework.util", "MultiValueMap", True, "setAll", "", "", "Argument[0].MapKey", "Argument[this].MapKey", "value", "manual"]
- ["org.springframework.util", "MultiValueMap", True, "setAll", "", "", "Argument[0].MapValue", "Argument[this].MapValue.Element", "value", "manual"]
- ["org.springframework.util", "MultiValueMap", True, "toSingleValueMap", "", "", "Argument[this].MapKey", "ReturnValue.MapKey", "value", "manual"]
- ["org.springframework.util", "MultiValueMap", True, "toSingleValueMap", "", "", "Argument[this].MapValue.Element", "ReturnValue.MapValue", "value", "manual"]
- ["org.springframework.util", "MultiValueMapAdapter", False, "MultiValueMapAdapter", "", "", "Argument[0].MapKey", "Argument[this].MapKey", "value", "manual"]
- ["org.springframework.util", "MultiValueMapAdapter", False, "MultiValueMapAdapter", "", "", "Argument[0].MapValue.Element", "Argument[this].MapValue.Element", "value", "manual"]
- ["org.springframework.util", "ObjectUtils", False, "addObjectToArray", "", "", "Argument[0].ArrayElement", "ReturnValue.ArrayElement", "value", "manual"]
- ["org.springframework.util", "ObjectUtils", False, "addObjectToArray", "", "", "Argument[1]", "ReturnValue.ArrayElement", "value", "manual"]
- ["org.springframework.util", "ObjectUtils", False, "toObjectArray", "", "", "Argument[0].ArrayElement", "ReturnValue.ArrayElement", "value", "manual"]
- ["org.springframework.util", "ObjectUtils", False, "unwrapOptional", "", "", "Argument[0].Element", "ReturnValue", "value", "manual"]
- ["org.springframework.util", "PropertiesPersister", True, "load", "", "", "Argument[1]", "Argument[0]", "taint", "manual"]
- ["org.springframework.util", "PropertiesPersister", True, "loadFromXml", "", "", "Argument[1]", "Argument[0]", "taint", "manual"]
- ["org.springframework.util", "PropertiesPersister", True, "store", "", "", "Argument[0]", "Argument[1]", "taint", "manual"]
- ["org.springframework.util", "PropertiesPersister", True, "store", "", "", "Argument[2]", "Argument[1]", "taint", "manual"]
- ["org.springframework.util", "PropertiesPersister", True, "storeToXml", "", "", "Argument[0]", "Argument[1]", "taint", "manual"]
- ["org.springframework.util", "PropertiesPersister", True, "storeToXml", "", "", "Argument[2]", "Argument[1]", "taint", "manual"]
- ["org.springframework.util", "PropertyPlaceholderHelper", False, "PropertyPlaceholderHelper", "", "", "Argument[0..1]", "Argument[this]", "taint", "manual"]
- ["org.springframework.util", "PropertyPlaceholderHelper", False, "parseStringValue", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["org.springframework.util", "PropertyPlaceholderHelper", False, "replacePlaceholders", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["org.springframework.util", "PropertyPlaceholderHelper", False, "replacePlaceholders", "(java.lang.String,java.util.Properties)", "", "Argument[1].MapValue", "ReturnValue", "taint", "manual"]
- ["org.springframework.util", "ResourceUtils", False, "extractArchiveURL", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["org.springframework.util", "ResourceUtils", False, "extractJarFileURL", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["org.springframework.util", "ResourceUtils", False, "getFile", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["org.springframework.util", "ResourceUtils", False, "getURL", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["org.springframework.util", "ResourceUtils", False, "toURI", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["org.springframework.util", "RouteMatcher", True, "combine", "", "", "Argument[0..1]", "ReturnValue", "taint", "manual"]
- ["org.springframework.util", "RouteMatcher", True, "matchAndExtract", "", "", "Argument[0]", "ReturnValue.MapKey", "taint", "manual"]
- ["org.springframework.util", "RouteMatcher", True, "matchAndExtract", "", "", "Argument[1]", "ReturnValue.MapValue", "taint", "manual"]
- ["org.springframework.util", "RouteMatcher", True, "parseRoute", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["org.springframework.util", "SerializationUtils", False, "deserialize", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["org.springframework.util", "SerializationUtils", False, "serialize", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["org.springframework.util", "StreamUtils", False, "copy", "(byte[],java.io.OutputStream)", "", "Argument[0]", "Argument[1]", "taint", "manual"]
- ["org.springframework.util", "StreamUtils", False, "copy", "(java.io.InputStream,java.io.OutputStream)", "", "Argument[0]", "Argument[1]", "taint", "manual"]
- ["org.springframework.util", "StreamUtils", False, "copy", "(java.lang.String,java.nio.charset.Charset,java.io.OutputStream)", "", "Argument[0]", "Argument[2]", "taint", "manual"]
- ["org.springframework.util", "StreamUtils", False, "copyRange", "", "", "Argument[0]", "Argument[1]", "taint", "manual"]
- ["org.springframework.util", "StreamUtils", False, "copyToByteArray", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["org.springframework.util", "StreamUtils", False, "copyToString", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["org.springframework.util", "StringUtils", False, "addStringToArray", "", "", "Argument[0].ArrayElement", "ReturnValue.ArrayElement", "value", "manual"]
- ["org.springframework.util", "StringUtils", False, "addStringToArray", "", "", "Argument[1]", "ReturnValue.ArrayElement", "value", "manual"]
- ["org.springframework.util", "StringUtils", False, "applyRelativePath", "", "", "Argument[0..1]", "ReturnValue", "taint", "manual"]
- ["org.springframework.util", "StringUtils", False, "arrayToCommaDelimitedString", "", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "manual"]
- ["org.springframework.util", "StringUtils", False, "arrayToDelimitedString", "", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "manual"]
- ["org.springframework.util", "StringUtils", False, "arrayToDelimitedString", "", "", "Argument[1]", "ReturnValue", "taint", "manual"]
- ["org.springframework.util", "StringUtils", False, "capitalize", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["org.springframework.util", "StringUtils", False, "cleanPath", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["org.springframework.util", "StringUtils", False, "collectionToCommaDelimitedString", "", "", "Argument[0].Element", "ReturnValue", "taint", "manual"]
- ["org.springframework.util", "StringUtils", False, "collectionToDelimitedString", "", "", "Argument[0].Element", "ReturnValue", "taint", "manual"]
- ["org.springframework.util", "StringUtils", False, "collectionToDelimitedString", "", "", "Argument[1..3]", "ReturnValue", "taint", "manual"]
- ["org.springframework.util", "StringUtils", False, "commaDelimitedListToSet", "", "", "Argument[0]", "ReturnValue.Element", "taint", "manual"]
- ["org.springframework.util", "StringUtils", False, "commaDelimitedListToStringArray", "", "", "Argument[0]", "ReturnValue.ArrayElement", "taint", "manual"]
- ["org.springframework.util", "StringUtils", False, "concatenateStringArrays", "", "", "Argument[0..1].ArrayElement", "ReturnValue.ArrayElement", "taint", "manual"]
- ["org.springframework.util", "StringUtils", False, "delete", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["org.springframework.util", "StringUtils", False, "deleteAny", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["org.springframework.util", "StringUtils", False, "delimitedListToStringArray", "", "", "Argument[0]", "ReturnValue.ArrayElement", "taint", "manual"]
- ["org.springframework.util", "StringUtils", False, "getFilename", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["org.springframework.util", "StringUtils", False, "getFilenameExtension", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["org.springframework.util", "StringUtils", False, "mergeStringArrays", "", "", "Argument[0..1].ArrayElement", "ReturnValue.ArrayElement", "value", "manual"]
- ["org.springframework.util", "StringUtils", False, "quote", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["org.springframework.util", "StringUtils", False, "quoteIfString", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["org.springframework.util", "StringUtils", False, "removeDuplicateStrings", "", "", "Argument[0].ArrayElement", "ReturnValue.ArrayElement", "value", "manual"]
- ["org.springframework.util", "StringUtils", False, "replace", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["org.springframework.util", "StringUtils", False, "replace", "", "", "Argument[2]", "ReturnValue", "taint", "manual"]
- ["org.springframework.util", "StringUtils", False, "sortStringArray", "", "", "Argument[0].ArrayElement", "ReturnValue.ArrayElement", "value", "manual"]
- ["org.springframework.util", "StringUtils", False, "split", "", "", "Argument[0]", "ReturnValue.ArrayElement", "taint", "manual"]
- ["org.springframework.util", "StringUtils", False, "splitArrayElementsIntoProperties", "", "", "Argument[0].ArrayElement", "ReturnValue.MapKey", "taint", "manual"]
- ["org.springframework.util", "StringUtils", False, "splitArrayElementsIntoProperties", "", "", "Argument[0].ArrayElement", "ReturnValue.MapValue", "taint", "manual"]
- ["org.springframework.util", "StringUtils", False, "stripFilenameExtension", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["org.springframework.util", "StringUtils", False, "toStringArray", "", "", "Argument[0].Element", "ReturnValue.ArrayElement", "value", "manual"]
- ["org.springframework.util", "StringUtils", False, "tokenizeToStringArray", "", "", "Argument[0]", "ReturnValue.ArrayElement", "taint", "manual"]
- ["org.springframework.util", "StringUtils", False, "trimAllWhitespace", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["org.springframework.util", "StringUtils", False, "trimArrayElements", "", "", "Argument[0].ArrayElement", "ReturnValue.ArrayElement", "taint", "manual"]
- ["org.springframework.util", "StringUtils", False, "trimLeadingCharacter", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["org.springframework.util", "StringUtils", False, "trimLeadingWhitespace", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["org.springframework.util", "StringUtils", False, "trimTrailingCharacter", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["org.springframework.util", "StringUtils", False, "trimTrailingWhitespace", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["org.springframework.util", "StringUtils", False, "trimWhitespace", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["org.springframework.util", "StringUtils", False, "uncapitalize", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["org.springframework.util", "StringUtils", False, "unqualify", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["org.springframework.util", "StringUtils", False, "uriDecode", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["org.springframework.util", "StringValueResolver", False, "resolveStringValue", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["org.springframework.util", "SystemPropertyUtils", False, "resolvePlaceholders", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
Reference in New Issue View Git Blame Copy Permalink